Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-5106

    Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : wordpress flexible_custom_post_type
    • Published: Aug. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0799

    Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.... Read more

    Affected Products : moodle
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2536

    Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerabil... Read more

    • Published: Sep. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-16012

    Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : firefox chrome
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-4819

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the de... Read more

    • Published: Mar. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1857

    Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."... Read more

    Affected Products : dynamics_ax
    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4897

    Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.... Read more

    Affected Products : tor tor
    • Published: Dec. 23, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-5472

    Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in ... Read more

    • Published: Oct. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-2269

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addp... Read more

    Affected Products : owncloud owncloud_server
    • Published: Apr. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0285

    Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webnetwork
    • Published: Jan. 24, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1858

    The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cro... Read more

    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1873

    Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability... Read more

    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1510

    Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.... Read more

    • Published: Sep. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1870

    The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext d... Read more

    • Published: Jul. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-5132

    Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."... Read more

    Affected Products : mybb
    • Published: Aug. 30, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1990

    Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) ... Read more

    Affected Products : kerweb kerwin
    • Published: May. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0850

    The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer un... Read more

    Affected Products : ffmpeg
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1400

    The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, w... Read more

    Affected Products : mollie_forms
    • Published: Mar. 11, 2024
    • Modified: Feb. 05, 2025

  • 4.3

    MEDIUM
    CVE-2012-1238

    Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.... Read more

    Affected Products : sencha_sns
    • Published: Apr. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0322

    The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function.... Read more

    Affected Products : android es_file_explorer
    • Published: Mar. 05, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294714 Results